There are a couple ways to do this. First, instead of going into openssl command prompt mode, just enter everything on one command line from the Windows prompt: E:\> openssl x509 -pubkey -noout -in cert.pem > pubkey.pem If for some reason, you have to use the openssl command prompt, just enter everything up to the … Read more
If you’re using BouncyCastle, try the following: import java.io.File; import java.io.FileReader; import java.io.IOException; import java.security.KeyPair; import java.security.Security; import java.security.Signature; import java.util.Arrays; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.openssl.PEMReader; import org.bouncycastle.openssl.PasswordFinder; import org.bouncycastle.util.encoders.Hex; public class SignatureExample { public static void main(String [] args) throws Exception { Security.addProvider(new BouncyCastleProvider()); String message = “hello world”; File privateKey = new File(“private.pem”); KeyPair … Read more
You aren’t clear which files you combined, but it should work to use openssl to combine the cert and private key to a PKCS#12: cat cert_public_key.pem cert_private_key.pem >combined.pem openssl pkcs12 -export -in combined.pem -out cert.p12 or on the fly but (update:) the privatekey must be first: cat cert_private_key.pem cert_public_key.pem | openssl pkcs12 -export -out cert.p12 … Read more
The two files you need are a PEM encoded SSL certificate and private key. PEM encoded certs and keys are Base64 encoded text with start/end delimiters that look like —–BEGIN RSA PRIVATE KEY—– or similar. To create an SSL certificate you first need to generate a private key and a certificate signing request, or CSR … Read more
You don’t need to export existing parameters then re-import over top of them. That forces your machine to generate an RSA key then throw it away. So specifying a keysize to the constructor doesn’t matter (if you don’t use the key it won’t generate one… usually). The public key file is a DER encoded blob. … Read more
Please note: The code below is for exporting a private key. If you are looking to export the public key, please refer to my answer given here. The PEM format is simply the ASN.1 DER encoding of the key (per PKCS#1) converted to Base64. Given the limited number of fields needed to represent the key, … Read more
There’s an article on the Code Project that has all the code you need to do this. It’s just a couple of classes so it’s a light-weight solution. To get the bytes for either a certificate or a key from the PEM file the following method will work, regardless of the order of the key … Read more
You are probably using the wrong certificate file, what you need to do is generate a self signed certificate which can be done as follows openssl req -newkey rsa:2048 -new -nodes -keyout key.pem -out csr.pem openssl x509 -req -days 365 -in csr.pem -signkey key.pem -out server.crt then use the server.crt var options = { key: … Read more
Unfortunately, the code in the answer you referenced isn’t really correct – it exports a private key PEM format, but with only the public key fields correctly set, this is not the same as exporting an RSA public key in standard format. I actually wrote the code in the other answer to that question, and … Read more
Another perspective for doing it on Linux… here is how to do it so that the resulting single file contains the decrypted private key so that something like HAProxy can use it without prompting you for passphrase. openssl pkcs12 -in file.pfx -out file.pem -nodes Then you can configure HAProxy to use the file.pem file. This … Read more